This is prevented by the chrooted environment that plesk runs under (for security reasons). There are work arounds, such as running the script under an alternative subdomain instead of having it through plesk, but this breaks the security system that plesk has in place, and leaves you open to security vulnerabilies within the script itself. Granted, if you properly configure it, you wont have to worry...
I.e., I have phpsysinfo set up on three boxes, with one box pulling the stats via an xml parsing system. It uses a direct call through the php page loading to get the pages from the other sites, getting the data, and showing it to my users that way. My stats sites are, otherwise, unreachable to any users directly. This ensures that, unless they figure out my system (which is nearly impossible unless the get the source to my site), my data will be secure.